Announcement date: 2021-12-13

The current public release of AhsayCBS is v8.5.4.86 (as of 2021-Oct-11). Hotfixes are an Ahsay Partner Portal exclusive, found on www.ahsay.com/partners.

• AhsayCBS, AhsayOBM, AhsayACB, AhsayUBS version 8.5.4.86 (and above) are not vulnerable to CVE-2021-44228 (Log4j vulnerability).

The version of Log4j Ahsay products bundled does not contain the JNDILookup plugin and is not one of the affected versions. Also, remote logging feature and all logging had been disabled for Log4j Logger (set to OFF) (CVE-2019-17571). (UPDATE INFO: @2021-12-13, for Partner's peace of mind we will soon release a hotfix that will completely remove Log4j binaries. Check the Ahsay Partner Portal for its release in a few days.)

• AhsayCBS, AhsayOBM, AhsayACB, AhsayUBS version 7.17.x.x and prior versions (v6.29.x) are not vulnerable.

• AhsayPRD 2.0 is not vulnerable.

• Ahsay Mobile 1.6+ is not vulnerable.

• AhsayMOB is unsupported.

For v7.x, starting on 2021-06-30 Ahsay announced that Version 7 is progressively desupported and will EOL on 2022-01-01. No further enhancements, development, or hotfixes will be created. https://wiki.ahsay.com/doku.php?id=public:announcement:ahsay_v7_eol

For v6.x, on 2018-07-16 Ahsay announced that Version 6 is EOL 2018-12-31. No further enhancements, development, or hotfixes would be made. https://www.ahsay.com/blog/2018/07/16/ahsay-v6-best-effort-support/

If you are running either of these, to protect yourself from future vulnerability, we highly recommend to upgrade to latest release AhsayCBS. In order to upgrade, you must have valid maintenance prior to upgrading.

https://www.ahsay.com/download/download_document_v8_cbs-upgrade.jsp

• If you are running AhsayCBS (v8.x), https://wiki.ahsay.com/doku.php?id=public:8009_faq:how_to_install_the_latest_patch_set_for_ahsaycbs
• If you are running AhsayUBS (v8.x), https://wiki.ahsay.com/doku.php?id=public:8026_faq:how_to_install_the_latest_patch_set_for_ahsayubs

• If you are running AhsayCBS (v7.x), https://wiki.ahsay.com/doku.php?id=public:5145_faq:how_to_install_the_latest_patch_set_for_ahsaycbs
• If you are running AhsayUBS (v7.x), https://wiki.ahsay.com/doku.php?id=public:5237_faq:how_to_install_the_latest_patch_set_for_ahsayubs_version_7

• If you are running AhsayOBS or AhsayOBSR (v6.x), read “Best Practice for AhsayOBS to AhsayCBS Upgrade and Data Migration” (https://www.ahsay.com/download/download_document_v8_cbs-upgrade-key-steps.jsp)

You can contact Ahsay Sales at sales-kb@ahsay.com, to renew your maintenance.

If you have further technical questions, you may submit a ticket to Ahsay Support at https://www.ahsay.com/partners .

Ahsay offers Professional Services to assist with upgrading your server(s). Please contact Ahsay Sales for a quote.